Global Privacy Policy

INTRODUCTION

SCHNEIDER GROUP respects your privacy. By name ‘SCHNEIDER GROUP’ we refer to a group of companies registered in Armenia, Austria, Azerbaijan, Belarus, Georgia, Germany, Kazakhstan, Kyrgyzstan, Lithuania, Moldova, Poland, Russia, Serbia, and Uzbekistan, specified on our website https://schneider-group.com/en/about/contacts/ , including branches and representative offices of those companies (hereinafter – ‘SCHNEIDER GROUP’, ‘Group’, ‘We’, ‘Our’ or ‘Us’).

This Global Privacy Policy describes the types of personal data provided by individuals (private persons, customers, SCHNEIDER GROUP’s employees, employees of external companies, such as SCHNEIDER GROUP’s partners, end clients or suppliers, interested partners) (hereinafter - the ‘Personal Data Subject’), how we process this data, and the choices you can make concerning the use of the data.

We also describe the measures we take to protect the data and how you can contact us with regard to our privacy practices. This is not only required by Data Protection Laws, but is also driven by our commitment to our clients and our desire to meet their expectations for compliance and risk management standards.

We process personal data in accordance with the Global Privacy Policy, applicable legislation, including the General Data Protection Regulation (2016/679) (the “GDPR”) and local laws (the ‘Data Protection Laws’).

Our privacy practices may vary among the countries where we operate, depending on local regulations and requirements. While we ensure that our measures to protect personal data comply with the general principles set out in the GDPR, there may be differences in specific requirements, rights and obligations related to personal data and/or data processing activities depending on the country.

This Global Privacy Policy provides a general statement on how SCHNEIDER GROUP protects your personal data. However, in connection with specific services provided by SCHNEIDER GROUP in the local jurisdictions, you may be provided with appendixes, polices or statements that supplement this Global Privacy Policy. These additional documents will define the personal data we may collect and the purposes of collection with regard to the services you may require.

SCHNEIDER GROUP reserves the right to change this Global Privacy Policy from time to time in order to reflect changes in our practices concerning the processing of personal data. The revised Global Privacy Policy will be effective immediately upon posting to our website.

If you have any questions regarding the processing of your personal data, please contact our EU representative (pursuant to Article 27 GDPR): SCHNEIDER GROUP GmbH, Ritterstrasse 2B, 10969 Berlin, Germany, info@schneider-group.com, +49 30 615 089 10. For other jurisdictions, please contact the respective SCHNEIDER GROUP office, which the contacts you can find here.

You have the right to file a complaint with a Data Protection Authority (‘DPA’), if you think that your personal data is being processed incorrectly or your Personal Data Subject rights have been violated by us. You can file a complaint by contacting the DPA that is local to your jurisdiction, which is either the location of the alleged violation, or the place in which you live and work.

This is the list of DPAs that are relevant to the scope of this Policy:

The Federal Commissioner for Data Protection and Freedom of Information:
https://www.bfdi.bund.de/EN/Home/home_node.html

Data protection supervisory authorities for private sector:
https://www.ldi.nrw.de/mainmenu_Service/submenu_Links/Inhalt2/Aufsichtsbehoerden/Aufsichtsbehoerden.php

For other jurisdictions, please refer to the local Data Protection Law and/or our Privacy Policy of SCHNEIDER GROUP office in the respective jurisdiction.

SOURCES OF INFORMATION

The information provided is publicly available or is provided by the Personal Data Subject or it is collected legitimately by us or third parties. SCHNEIDER GROUP may use various sources to obtain information about you, including:

on our website
in response to marketing or other communications
through social media
by your signing up for SCHNEIDER GROUP services or products
through participation in an offer, program or promotion
in connection with an actual or potential business or employment relationship with us.

You may also choose to consent to third parties to disclose information about you to us that those third parties have received.

INFORMATION PROVIDED BY DATA SUBJECTS AND HOW WE USE IT

SCHNEIDER GROUP processes personal data in a legal and fair manner. We only process personal data for particular, pre-determined purposes that are or were legitimate with regard to applicable law, and that are relevant to SCHNEIDER GROUP’s business.

You will always know what kind of data you provide to SCHNEIDER GROUP after you confirm with your consent. The data which you provide depends on the services and features you use, and can include:

To ensure fulfillment of our contractual obligations to clients and partners:

Name
Last name
E-mail address
Phone number
Company name
Address
Other data based on your consent given to us or your employer under the concluded contract for the provision of services.

To administer promotions or contests; establish contacts with clients; forward notices, requests and information related to SCHNEIDER GROUP’s services; execute agreements and contracts; process client requests and applications; organize promotional events, send marketing emails and special offers, and contact you about other SCHNEIDER GROUP’s services:

Name
Last name
E-mail address
Phone number
Company name.

To evaluate and improve quality in the use of our solutions, services and websites:

De-personalized analytical information provided by analytical services, such as Google Analytics, Google AdWords, AppsFlyer, and others.

SCHNEIDER GROUP will retain personal data as long as necessary to fulfill the purpose for which the data is processed in accordance with the objectives specified in the agreements (consents), or to comply with applicable legal requirements.

INTERNATIONAL DATA TRANSFER

Based on the explicit consent, we may transfer the personal data we obtain from you to recipients in countries other than the country in which the data was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided it. When we transfer your data to other countries, we will protect it as described herein or as otherwise disclosed to you at the time the data is collected (e.g., in a consent form).

SCHNEIDER GROUP is a global business. To offer our services, we may need to transfer your personal data among several countries. We comply with applicable legal requirements providing adequate safeguards for the transfer of personal data to other countries.

SCHNEIDER GROUP shall transfer personal data to the country other than the country in which the data was originally collected only if all 3 criteria below are met

1. SCHNEIDER GROUP has taken protection measures (e.g., binding internal rules of the group or standard data protection clauses)

2. the Personal Data Subject has given explicit consent for the transfer

3. the client instructs SCHNEIDER GROUP to transfer personal data to a specific recipient.

The personal data may be transferred to, and stored at, a destination outside the country in which it was originally collected. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.

HOW WE SHARE INFORMATION

We may share your data as follows:

Affiliates. We may share your data with our affiliates — companies that are controlled by or are under common control with SCHNEIDER GROUP.
Service Providers. We may also share your data with vendors that provide services to us, including companies that provide web analytics, advertising, e-mail distribution, payment processing, order fulfillment, and other services.
For legal reasons:

– to protect our rights, operations or property, or those of our clients
– to investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person
– to comply with applicable law or respond to valid legal process, including from law enforcement.

COOKIES

Cookies are files that collect various technical information about a user's computer, browser, and website usage, such as the pages which the user has visited and in which order.

SCHNEIDER GROUP uses cookies that are purely of technical nature (e.g., for statistics) and cookies that can identify guest users, facilitate and personalize the sign-up and movement of visitors on the site, and measure and analyze user’s habits. Cookies allow the website to remember information about the Personal Data Subject’s visit, e.g., preferred language and other settings.

When SCHNEIDER GROUP’s clients use its services, SCHNEIDER GROUP as well as external service providers and partners may send cookies or similar technology to a user’s computer to enhance and develop user’s online experience. However, you can also set your browser settings in such a way that it informs you when you receive a cookie or automatically declines to accept it. Therefore, you can decide for yourself whether you wish to accept cookies or not. At the same time, please be aware that some SCHNEIDER GROUP’s website features or services may not function properly without cookies.

YOUR RIGHTS AND OPTIONS

You have certain rights regarding your personal data that we collect and process. We also offer you certain options about which personal data you provide to us, how we use it, and how we communicate with you. You may refrain from submitting data directly to us. However, if you do not provide personal data when requested, you may not be able to benefit from the full range of SCHNEIDER GROUP’s services and we may not be able to provide you with information about services and promotions.

At any time, you can request us not to send you marketing communications by e-mail by clicking on the unsubscribe link within the marketing e-mails you receive from us.

If your employer provides your personal data to SCHNEIDER GROUP, you may have certain options with respect to SCHNEIDER GROUP’s use or disclosure of it. Please contact your employer to learn about and to exercise your options.

To the extent provided by the Data Protection Laws, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal data. We will apply your preferences going forward. In some circumstances, withdrawing your consent to SCHNEIDER GROUP’s use or disclosure of your personal data will mean that you cannot take advantage of certain SCHNEIDER GROUP’s services.

Subject to applicable law, you may have the right to:

obtain confirmation that we hold your personal data
request access to and receive information about your personal data that we hold
receive copies of your personal data that we hold
update and correct inaccuracies in your personal data
object to the processing of your personal data, and have the information blocked, anonymized or deleted, as appropriate.

The right to access personal data may be limited in some circumstances by the requirements of local law. To exercise these rights, please contact us as set forth below.

If you provide us with any information or material relating to another individual, you should make sure that this sharing with us and our further use as described to you from time to time is in line with applicable laws; thus, for example, you should duly inform that individual about the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable laws.

If we fall short of your expectations in processing your personal data or you wish to make a complaint about our privacy practices, please relate this to us, as it gives us an opportunity to address the issue and improve our services. You may contact us using the contact details provided on our website. To assist us in responding to your request, please give full details of the issue. We strive to review and respond to all complaints within a reasonable time.

PRIVACY PRINCIPLES

Personal data processing at SCHNEIDER GROUP is based on the following principles:

CONSENT AND CHOICE

Presenting to the Personal Data Subject the choice whether or not to allow the processing of their personal data except where the Personal Data Subject cannot freely withhold consent or where applicable law specifically allows the processing of personal data without the natural person’s consent. The Personal Data Subject election must be freely given, specific and made on a knowledgeable basis
Obtaining the opt-in consent of the Personal Data Subject for processing sensitive personal data except where applicable law allows the processing of sensitive personal data without the natural person’s consent
Informing the Personal Data Subject, before obtaining consent, about their rights under the individual participation and access principle
Providing the Personal Data Subject, before obtaining consent, with the information indicated by the openness, transparency and notice principle
Explaining to the Personal Data Subject the implications of granting or withholding consent.

PURPOSE, LEGITIMACY AND SPECIFICATION

SCHNEIDER GROUP can process personal data for the following purposes:

Execution of an agreement concluded with SCHNEIDER GROUP
Marketing, direct marketing by profiling and for making promo offers
Service provision
Ensuring that the purpose(s) complies with applicable law and relies on a permissible legal basis
Communicating the purpose(s) to the Personal Data Subject before the data is used for the first time for a new purpose
Using language for this specification which is both clear and appropriately adapted to the circumstances and nationality
If applicable, giving sufficient explanations for the need to process sensitive personal data.

DATA PROCESSING LIMITATION

Limiting the gathering of personal data to that within the bounds of applicable law and strictly necessary for the specified purpose(s).
Deleting and disposing of personal data whenever the purpose for personal data processing has expired, there are no legal requirements to keep personal data, or whenever it is practical to do so.

USE, RETENTION AND DISCLOSURE LIMITATION

Limiting the use, retention and disclosure (including transfer) of personal data to what is necessary for the fulfilment of specific, explicit and legitimate purposes
Limiting the use of personal data to the purposes specified by the Personal Data Controller prior to receiving it, unless a different purpose is explicitly required by applicable law; (Personal Data Controller means the natural person or legal entity, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data)
SCHNEIDER GROUP is the Personal Data Controller with regard to the personal data provided by Personal Data Subjects via SCHNEIDER GROUP’s website or during marketing activities
Retaining personal data only as long as necessary to fulfill the stated purposes, and thereafter securely destroying or anonymizing it
Locking (i.e., archiving, securing and exempting the personal data from further processing) any personal data when and for as long as the stated purposes have expired, but where retention is required by applicable laws.

ACCURACY AND QUALITY

Ensuring that the processed personal data is accurate, complete, up-to-date (unless there is a legitimate basis for keeping outdated data), adequate and relevant for the purpose of use being disclosed to the Personal Data Subject
Ensuring the reliability as well as legitimacy of personal data provided from a source other than from the Personal Data Subject before it is processed
Verifying, through appropriate means, the validity and correctness of the claims made by the Personal Data Subject prior to making any changes to the personal data (in order to ensure that the changes are properly authorized), where it is appropriate to do so
Establishing personal data processing procedures on the internal level to help ensure accuracy and quality
Establishing control mechanisms to periodically check the accuracy and quality of personal data processing.

OPENNESS, TRANSPARENCY AND NOTICE

Providing the Personal Data Subject with clear and easily accessible information about the personal data policies
Establishing procedures and practices with respect to the processing of personal data
Including in notices the fact that personal data is processed, the purpose for which it is done, the types of privacy stakeholders to whom the personal data might be disclosed, and the identity of the Personal Data Controller, including information on how to contact the Personal Data Controller
Disclosing the options and means offered by the Personal Data Controller to Personal Data Subject for the purposes of limiting the processing of, and for accessing, correcting and removing their information
Giving notice to the Personal Data Subject when major changes in the personal data processing procedures occur and take effect.

INFORMATION SECURITY: HOW WE PROTECT YOUR PRIVACY

Data security is a top priority for SCHNEIDER GROUP. All data and information provided by you are confidential by default. SCHNEIDER GROUP will therefore always apply technical and organizational data security measures for the protection of personal data that are adequate and appropriate, taking into account the concrete risks resulting from the processing of personal data as well as up-to-date security standards and procedures. In order to, among other reasons, identify and fulfill the appropriate level of protection, SCHNEIDER GROUP classifies processing systems with personal data and implements cascading sets of protective measures.

SCHNEIDER GROUP also maintains physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Some of the other central features of our information security program are:

The Corporate Security Department, which designs, implements and provides oversight to our information security program
The determination of personal data safety hazards in the course of processing in a SCHNEIDER GROUP processing system
Application of appropriate information security tools
Performance evaluation of applied personal data security measures before commissioning processing systems
Implementing controls to identify, authenticate and authorize access to various services or websites
Discovering the facts surrounding unauthorized access to personal data and adopting corresponding measures
Recovery of personal data that was modified or destroyed
Establishing access rules to personal data processed in SCHNEIDER GROUP processing systems and also recording and accounting for all actions undertaken with personal data in these systems
Restricting access to personal information for SCHNEIDER GROUP employees and contractors who need to know the information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations
Monitoring of our systems infrastructure to detect weaknesses and potential intrusions
Monitoring measures taken to ensure the security of personal data
Providing SCHNEIDER GROUP employees with relevant training and continually updating our security practices in light of new risks and developments in technology.

HOW TO CONTACT US

Should you have any questions or comments about this Global Privacy Policy, SCHNEIDER GROUP 's privacy practices, or if you would like us to update information or preferences you provided to us, please contact us using the contact information on our website.

This version of the Policy is effective as of October, 6 2025.